Healthcare Software Security Evaluated by Veracode

The cloud presents healthcare suppliers the chance to simplify the provision and administration of medical facilities. However, healthcare suppliers trying to use the ability of the cloud might possibly be putting Protected Health Information (PHI) at peril.

HIPAA needs covered entities to always protect PHI, whether it takes the shape of digital files or physical records. Any PHI accessible or stored through applications or other cloud apps should have security controls ready to safeguard the data. All cloud apps should, therefore, be subjected to a full risk evaluation to identify possible security weaknesses, and any problems found should be tackled.

A number of healthcare suppliers, and other HIPAA-covered entities solicit the assistance of experts when it comes to evaluating mobile application safety, with Veracode a market king pin.

More than 200,000 Cloud App Safety Assessments Completed

Veracode assesses apps for safety weaknesses that could possibly be abused to gain access to patient files, or login identifications to get access to healthcare computer systems. Over the years the firm has collected a substantial amount of information. That information has now been studied and assembled into a new State of Software Security Report.

The report provides CIOs, CISOs, and Health IT experts vital insights into software safety, letting them to better know the dangers impacting their own company’s cloud apps.

The report was assembled from data accumulated from 208,670 security assessments carried out by the business over a duration of 18-month; during that time the organization’s systems scrutinized billions of lines of the program.

Government Software Safety Compared with 34 Other Sectors

The earlier volume of the report, generated in 2011, concentrated only on the government sector, while the newest issue contrasts government software safety with 34 other businesses, including healthcare. These businesses have been classified into 7 vertical marketplaces against which government safety has been contrasted.

This year’s report provides remediation best ways and also looks at the consequences of applying risk reduction plans; comparing the attempts different businesses have made to tackle their mobile app security weaknesses.

Key Outcomes of the Security Statement

It’s bad information for the government sector because several security improvements are required. There are still a number of flaws in its mobile app safety defenses which will require some time to rectify. As per the data, more than 75% of government apps were failing the OWASP Best 10 when evaluated for danger. The key issue has been found as being over-reliance on obsolete programming languages.

If safety weaknesses are tackled there are substantial advantages. The production sector steers the way and has made a number of improvements and has tackled the most weaknesses of any sector, addressing 81% of the total quantity of weaknesses Veracode’s software identified. The government, which must, in theory at least, be tackling weaknesses quicker than other industries, is at bottom of the list. It has tackled just 27% of identified weaknesses. Healthcare is second last, with just 43% of software safety weaknesses fixed.

The report details the main software security weaknesses impacting the healthcare sector, one of the sectors with specifically precarious software. The classification of risk for the healthcare sector was concluded to be:

· Code Quality

80%

· Cryptographic Issues

61%

· Information Leakage

60%

· CRLF Injection

48%

· Cross-Site Scripting (XSS)

46%

· Directory Traversal

45%

· Insufficient Input Validation

43%

· SQL Injection

32%

· Credential Management

26%

· Time and State

23%

Veracode’s scientists discovered there was a “higher institutional consciousness of app security risk as well as a greater emphasis on applying enterprise-wide rules, checking key performance indicators (KPIs) and introducing constant improvement procedures” in the manufacturing and financial sectors.

Healthcare Sector Performs Poorly

Veracode said in a latest mass media announcement, “Given the big amount of confidential files collected by healthcare companies, it’s worrying that 80% of healthcare apps reveal cryptographic problems like weak algorithms upon preliminary assessment.” With just 43% of weaknesses remediated, the sector is still mainly vulnerable to attack.

The data analysis revealed that nearly 3 out of 4 third-party software apps did not succeed the OWASP Top 10 when firstly evaluated, which demonstrates that substantial data safety risks are being launched in the supply sequence. Veracode also discovered that remediation coaching facilities can significantly decrease application-layer risk.